demeb4a.tmp

ESLAnticheat

Turtle Entertainment GmbH

It runs as a 64-bit Windows kernel-mode device driver named “ESLAnticheat”.
Publisher:
<Turtle Entertainment>  (signed by Turtle Entertainment GmbH)

Product:
ESLAnticheat

Version:
1.0.0.118

MD5:
1ce214ef03612620b3354bb0d2970c84

SHA-1:
a69c47461143051b719f41afd7ca423aa619594f

SHA-256:
104ba3286dda434594894836e569a5c600b80e5a52c5404eaf235b5264e91b03

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/4/2024 6:04:55 AM UTC  (today)

File size:
95.9 KB (98,240 bytes)

Product version:
1.0

Copyright:
Copyright © 2016

Original file name:
ESLAnticheat

Common path:
C:\users\{user}\appdata\local\temp\demeb4a.tmp

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/12/2014 5:53:35 AM

Valid to:
1/26/2018 2:17:59 AM

Subject:
CN=Turtle Entertainment GmbH, O=Turtle Entertainment GmbH, L=Cologne, S=NRW, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A1E8F7E6944C92C7CA61440EFF3F250E

File PE Metadata
Compilation timestamp:
3/9/2017 9:29:14 AM

OS version:
10.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
14.0

Entry address:
0x1C9FE

Entry point:
E9, A9, 39, FF, FF, A9, B3, 69, 84, 10, 8B, DA, 49, 07, 1A, DD, 5C, 08, 23, A2, B1, D7, 3A, E5, 74, 23, 22, 1D, 1C, 7B, EA, 86, 09, 17, 7A, C5, D4, 30, 1B, 81, 0C, C0, DB, E9, F4, 4D, 02, 39, 87, 1A, 49, 99, 67, 35, 37, CE, 3D, B6, F9, C0, 11, 70, 60, C8, 76, B5, E4, 7A, D9, EC, 49, 6F, 72, CB, AA, 51, 8A, B8, CE, 3F, 5E, C5, 03, 1E, DA, C5, 0E, DA, A9, 37, 94, A1, 16, 87, C8, 0F, 80, E1, 42, EE, 0C, 28, FF, 1B, 9A, CD, 01, 41, FA, FE, 8E, 3F, D7, CE, 37, F1, 20, 79, E0, B9, 92, D6, 47, AC, 10, 7B, 6F, 76...
 

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
13.5 KB (13,824 bytes)

Driver
Display name:
ESLAnticheat

Type:
Kernel device driver (KernelDriver)

